Cybersecurity Threats - NI Business Continuity Forum

12TH NOVEMBER 2014

CYBER SECURITY | THREATS

DAVID CROZIER – TECHNICAL MARKETING MANAGER

@DAVID_CROZIER

David Crozier

Technical Marketing Manager at QUB’s Centre for Secure Information Technologies (CSIT)

Responsible for marketing of commercial R&D, IP, MSc and membership programmes and planning

its annual World Cyber Security Technology Research Summit.

Currently advise the Northern Ireland Organised Crime Task Force on cyber and cyber enabled crime.

Holds a BSc Computer Science and MSc Innovation & Entrepreneurship from the University of Ulster.

Vision

Our vision is to establish a global innovation hub for cyber security, to accelerate new value creation, drive new venture creation and build capacity for the cyber security industry, whilst not compromising on research excellence

GLOBALINNOVATION

HUB FORCYBER

SECURITY

CSIT within the Innovation landscape

TRLs

SBRI, KTP, Innovation Voucher

EPSRC–Responsive Mode Research CASE, PhDs

Horizon 2020Collaborative R&D

Technology Deployed,

Spinouts

EPSRC Innovate UK

Contract Development

CSIT - IKC

VCs, Angels etc.

SMART

1 2 3 4 5 6 7 8 9

Open Innovation Model

THINK

How much is your data worth?

Perception

Trending to zero

How much is your data worth?

$20 per user

Google 2006

$30 per user

Facebook 2012

$42 per user

Facebook 2014

Reality

What are they after?

Categories of Threats

Corporations, Corporations, Individuals

Corporations, Individuals

Corporations, Individuals,

Governments

N/ARetailers, Financial Services,

Individuals

positions, Legal

Intellectual Property,

Negotiation positions, Legal posture, R&D,

Weapons

Low Low-Med Low-Med Low-Med High High

Phishing, Malware

Destruction,Theft

DDOS,Anonymous,

Wikileaks, Lulzsec

Al-Qaeda Sites,ISIS Recruitment

Carding, ACH, PII

ChineseHackers, APTs,

ICS SCADA

Targets

Skill Level

Example

Objective

Financial Gain

Revenge,Monetary Gain

Defamation,Notoriety

Fundraising,Propaganda,Recruitment

Financial Gain

Economic, Political

Advantage

VirusesWorms, Spam

Insider threat,Insider sabotage

Hacktivists TerroristsOrganised

CrimeState Sponsored

Amended from original and used with permission from – Paul C Dwyer, Cyber Risk International Ltd

The Insider Threat

“A person who exploits, or has the intention to exploit, their legitimate access to an organisation’s assets for unauthorised purposes.”

� Gender: 82% Male, 18% Female

� Age: 49% 41-45 Years Old

� Contract: 88% Permanent Staff

� Job Type: Customer Service (20%), Financial (11%), Security 11%)

� Role: 45% Managers, 49% Administrative/Support Roles

� Duration: 6 Months (41%), 5+ Years (11%)

� Time in Service: < 5 Years (60%)

CPNI Insider Data Collection Study 2013

Detecting The Insider Threat

Threat Indicators:

Anomaly Detection

• Physical/Remote Access Patterns

• Data Access Patterns

• Communication Channels (Email, Phone, IM)

IT Observables

• Data Exfiltration

• Resource Usage (Systems, Printers, Data Storage)

• Access Violations (Resource Probing)

Evidential Reasoning

• Criminology Profiles (Immature, Self-Esteem, Impulsive)

• Motivation Analysis (Grievances, HR Reports)

• Behavioural Evidence (Stressed, Adverse Life Events)

The Increasing Network Perimeter

Multiple Access Points

� Distributed Corporate Systems

� Third-party IT Providers

� Wireless Connectivity Support

� 3G/4G Pervasiveness

� BYOD Support

� Collaborative Data Sharing Tools

Compliance and certification is enough – Right?

Wrong!

• Payment Card Industry Data Security Standard (PCI DSS)

• ISO 27001:2013

• Certified Information Systems Security Professional (CISSP)

• Certified Information Security Manager (CISM)

• Certified Ethical Hacker (CEH)

These are only a starting point, baselines.

You need to aim for Compliance Plus+ in relation to cyber security.

Cyber Security is not just ITs problem

CEO

CIO CFO COO CMO

Not knowing is not good enough anymore

If, not when.

Protect

& Prepare

Detect & Analyse

Containment, eradication

and Remediation

Post-mortem

Threat Intelligence Sharing

The Cyber-security Information Sharing Partnership (CiSP), part of CERT-UK, is a joint industry government initiative to share cyber threat and vulnerability information in order to increase overall situational awareness of the cyber threat and therefore reduce the impact on UK business.

CiSP members receive enriched cyber threat and vulnerability information from the ‘Fusion Cell’, a joint industry and government analytical team who examine, analyse and feedback cyber information from a wide variety of data sources.

600 Organisations and 1700 Individuals signed up for this free service as of summer 2014.

Incident Reporting

• Significant under-reporting in Northern Ireland

• New reporting portal for industry only being tested

• Will support business case for further investigative resources

• PSNI are mindful of reputational damage.

• Investigation processes updated accordingly to minimise negative commercial impact.

Growth Prospects

• Global Cybersecurity market size:

• £136Bn (K-Matrix, May 2013)

• £51Bn (Markets and Markets, 2012)

• UK Cybersecurity market size:

• £4.3Bn (K-Matrix, May 2013)

• £2.8Bn growing to £3.4Bn by 2017 (PAC, 2013)

• Importance to UK

• National Cybersecurity Strategy

• Major Businesses (BAE Systems, Thales UK, QinetiQ, BT), specialist consultants (KPMG, PwC), UK based FDI (IBM, Intel, Microsoft, Lockheed Martin, CGI) and numerous SMEs

• Cyber Growth Partnership • Government have targeted £2Bn by 2016 for exports (£850M in 2012)

• 135% Growth

Emergent Industry

Industry Informed & Work Placement Opportunities

• Feedback incorporated into course structure & module content

• McAfee providing lecture material to support Malware module

• Invited seminars and special guest lectures from industry experts

• Internship and work placement opportunities will be open to students accepted for enrolment on the MSc in Cyber Security

MSc in Cyber Security

Q&A

@DAVID_CROZIER